Windows 7 Update and Security Recommendations Committee Review
Post on 26-Dec-2015
Applications Requesting Exception
• UCSF Security Exception Request Form developed for non-compatible applications and hardware: http://it.ucsf.edu/sites/it.ucsf.edu/files/security_exception_request_v1.5_0.pdf
• Applications submitted for exception:
– AMCOM (Operator DB for Patient Info) Connie Standfield, 8
– EndoPRO Cindy Weiner, 75
– EndoPro (APF-Lab) Natasha Komarovskaya
– GE Mobile Care Server Paul Jimenez, 30
– GE Patient Data Server Paul Jimenez, 22
– HeartSuite James Cundiff, 4
– Softmed Natasha Komarovskaya, 10
– SoftMed 6.5 Ed Mahony
– SoftMed Core Messaging Framework Ed Mahony
– SoftMed Resource Locking Client Ed Mahony
– Vericis [Cardiology] James Cundiff, 4
Communications
• Conduct Desktop Drop Notification for Phase II Clinical Rollout: 2/10/14
• Survey early adopter groups for feedback on performance post-upgrade (Lakeshore and Women’s Health Daly City Clinic): 2/13/14
• Medical Center Update: 2/7/14
• Manager’s Weekly: 2/10/14
• Ideas from the project team:
– Easily identifiable outfit for morning after Field Walkers
– Quick view stickers: green (upgraded), orange (issue), red (exception)
Security Recommendations
Current State
• No current domain level GPO (Group Policy Object) with local security settings
• Users that receive UCSFMC imaged laptops are set to have local admin access by default.
Risk
• Local admin access
– Malware
– Phishing/credential theft
– Installing unauthorized/potentially malicious software
– Potential software licensing issues
– Unauthorized removal of software
– Unauthorized system configuration changes
Risk
• No baseline GPO
– Overall this is not best practice
– Many low-impact settings that can have a positive effect on our security posture
IT Security Recommendations
• Local admin access
– No local admin access as default user configuration
• Principle of Least Privilege
• Group policy object settings
• Based on USGCB (US Government Configuration Baseline)
– Local Windows settings
• 17 GPO settings
– Internet Explorer settings
• 5 GPO settings
Impact
• No local admin access
– Users will be unable to install and update some software
– Potentially increased support calls to install software and make other needed configuration changes
– Self support at home
• GPO settings
– Each setting has its own inherent impact
Mitigations to Minimize Impact
• Local admin access
– BeyondTrust PowerBroker Desktops (Privilege Manager)
– Software Center (SCCM) – Self Service Portal
• In pilot
– Exception process/procedure
• Elevated account request
• GPO settings
– Testing to date has revealed little impact to user productivity